<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom"><title>GNUcode.me</title><id>https://gnucode.me/feeds/tags/nginx http.xml</id><subtitle>Tag: nginx http</subtitle><updated>2023-05-12T11:47:31Z</updated><link href="gnucode.me/feeds/tags/nginx http.xml" rel="self" /><link href="gnucode.me" /><entry><title>HTTPS-ing GNUcode.me</title><id>https://gnucode.me/https-ing-gnucodeme.html</id><author><name>Joshua Branson</name><email>jbranso@dismail.de</email></author><updated>2020-09-03T20:00:00Z</updated><link href="https://gnucode.me/https-ing-gnucodeme.html" rel="alternate" /><summary type="html">&lt;p&gt;So, when I recently re-configured this website with &lt;code&gt;guix system&lt;/code&gt; and the
associated &lt;code&gt;nginx service&lt;/code&gt;, I set up the site to work just fine with &lt;code&gt;HTTP&lt;/code&gt; and
HTTPS.  The difference is that &lt;code&gt;HTTPS&lt;/code&gt; has a little green &amp;quot;this site is secure&amp;quot;
logo in the upper left hand side of your browser.&lt;/p&gt;&lt;p&gt;The tiny baby little problem was that users could happily use the insecure
version of the site, which could promote a man in the middle attack.  Luckily
I've been reading up on the &lt;code&gt;HTTP header&lt;/code&gt; &lt;code&gt;Strict-Transport-Security&lt;/code&gt;, which
allows me to inform users that my site supports &lt;code&gt;HTTPS&lt;/code&gt;.  You can still browse
the site using &lt;code&gt;HTTP&lt;/code&gt;, but most likely your browser will re-direct you to the
&lt;code&gt;HTTPS&lt;/code&gt; version.&lt;/p&gt;&lt;p&gt;You can verify this yourself with the following:&lt;/p&gt;&lt;pre&gt;&lt;code&gt;wget http://gnucode.me&lt;/code&gt;&lt;/pre&gt;&lt;p&gt;And of course I have to show the
&lt;a href=&quot;https://notabug.org/jbranso/linode-guix-system-configuration/src/master/linode-locke-lamora-current-config.scm&quot;&gt;configuration&lt;/a&gt;
for my linode guix server looks something like this:&lt;/p&gt;&lt;pre&gt;&lt;code class=&quot;language-scheme&quot;&gt;(service nginx-service-type
         (nginx-configuration
          (server-blocks
           (list
            (nginx-server-configuration
             (server-name '(&amp;quot;gnucode.me&amp;quot;))
             (listen '(&amp;quot;80&amp;quot; &amp;quot;443 ssl&amp;quot;))
             (root &amp;quot;/srv/www/html/gnucode.me/site/&amp;quot;)
             ;; tell browsers my site supports HTTPS, and tell them that it will
             ;; at least work for 1/2 hour.  Gradually,  I will increase this number.
             (raw-content (list &amp;quot;add_header Strict-Transport-Security max-age=1800;&amp;quot;))
             (ssl-certificate &amp;quot;/etc/letsencrypt/live/gnucode.me/fullchain.pem&amp;quot;)
             (ssl-certificate-key &amp;quot;/etc/letsencrypt/live/gnucode.me/privkey.pem&amp;quot;)
             (locations
              (list
               (nginx-location-configuration          ;certbot
                (uri &amp;quot;/.well-known&amp;quot;)
                (body (list &amp;quot;root /srv/www;&amp;quot;))))))))))&lt;/code&gt;&lt;/pre&gt;&lt;p&gt;&lt;a href=&quot;https://guix.gnu.org&quot;&gt;Guix System&lt;/a&gt; makes this kind of thing really easy!  You
should try it!&lt;/p&gt;&lt;p&gt;Happy Hacking! &lt;em&gt;insert cute emoji here&lt;/em&gt;&lt;/p&gt;</summary></entry></feed>